This week a judge sentenced Jeffrey Parker to six months in prison for falsely claiming that his ex violated HIPAA at a Savannah hospital.
In October 2019 Parker portrayed himself as a whistleblower, created an elaborate set of false documents to prove his claims, and gave an interview to a local television station while hiding his identity to the public. He alleged that his ex lover, a nurse at the unnamed hospital, violated HIPAA by emailing graphic and bloody images of patients to others. He emailed his “proof” to the hospital which was then forced to investigate these possible breaches to protect their patients’ privacy and comply with HIPAA.
The TV station reported it to law enforcement authorities who investigated. After hours of investigating by the FBI and the hospital, Parker finally admitted he deliberately created a false scheme to harm his ex.
In January 2020, Parker was charged with one count of making false statements and faced a maximum sentence of five years in prison and a $250,000 fine See HIPAA Complaint Revenge.
Whistleblowers are Protected
Although this case is unusual because of its personal nature, disgruntled employees can become motivated to do harm for revenge against an organization rather than an individual.
Healthcare providers must keep good documentation to protect themselves from spurious claims. And now, when healthcare providers are overtaxed by treating COVID-19 patients, they should be especially vigilant in checking backgrounds of temporary staff they hire to meet increased demands.
Whistleblower protection laws can be effective for exposing unlawful activity: they offer protection and rewards to insiders who have unique access to witness crimes. And a person acting in good faith who mistakenly reports misconduct is generally protected from retaliation. But one like Jeffrey Parker who intentionally makes a false report of misconduct can face criminal prosecution (and jail time) and even a civil lawsuit by the victim of their false claim.
HIPAA Compliance Protects Employers
If an insider – your own employee – is dishonest, disgruntled, or out for revenge and uses your name or data for their own purposes you need to be ready to investigate. The Security Rule Checklist contains the administrative, physical and technical safeguards to prevent or limit damage. By following the checklist, you will also have the documentation required to evaluate false claims and defend yourself.
Your employee may go to jail but your patients’ privacy and your reputation are on the line.